Not to downplay the exploit at all, but for everyone raging that this occurred and are worrying about the integrity of their codebase, we are talking about an SCM for god sakes aren't we? Git is distributed and all most users would need to do who are freaking out right now about evil commits is to go back and audit your git commit history no?